Resolving an untrusted server certificate

The server certificate that is used to establish a secure connection to a managed device can become untrusted. If the problem is due to a down-level version of the device CA root certificate or device self-signed certificate in the Lenovo XClarity Administrator trust store, XClarity Administrator can resolve the untrusted server certificate.

About this task

If a managed device becomes untrusted, XClarity Administrator prevents communication with that device, preventing you from performing management or inventory operations on that device.

Procedure

To resolve an untrusted server certificate for a managed device, complete the following steps.

  1. From the XClarity Administrator menu bar, click Hardware, and then click the device type (Chassis, Server, Storage, or Switch). A page is displayed with a tabular view of all managed devices of that type.
  2. Select a specific device in the "Offline" state.
  3. Click All Actions > Security > Resolve Untrusted Certificates.
  4. Click Install Certificate.

XClarity Administrator retrieves the current certificate from the target device. If that certificate is different from the trusted certificate for that device in the XClarity Administrator trust store, the new certificate is placed in the XClarity Administrator trust store, overriding the previous certificate for that device.

If this does not resolve the issue, ensure that network connectivity is working between XClarity Administrator and the device.